b'OFFICE OF INSPECTOR GENERAL \n\n\nAUDIT OF THE INTER\xc2\xad\nAMERICAN FOUNDATION\'S\nFISCAL YEAR 2013\nCOMPLIANCE WITH THE\nFEDERAL INFORMATION\nSECURITY MANAGEMENT ACT\nOF 2002\nAUDIT REPORT NO. A-IAF-13-007-P\nSEPTEMBER 30, 2013\n\n\n\nWASHINGTON, D.C.\n\x0cThis is a summary of our report on the "Audit of the Inter-American Foundation\'s Fiscal Year\n2013 Compliance With the Federal Information Security Management Act of 2002" (Report\nNo. A-IAF-13-007-P). The Office of Inspector General (OIG) contracted with the independent\ncertified public accounting firm of CliftonLarsonAlien LLP to conduct the audit. Clifton was\nrequired to conduct the audit in accordance with generally accepted government auditing\nstandards. The objective was to determine whether the Inter-American Foundation (IAF)\nimplemented selected minimum security controls for selected information systems in support of\nthe Federal Information Security Management Act of 2002 (FISMA).\n\nTo answer the audit objective, Clifton assessed whether IAF implemented selected\nmanagement, technical, and operational controls outlined in National Institute of Standards and\nTechnology Special Publication 800-53, Recommended Security Controls for Federal\nInformation Systems and Organizations, Revision 3. Clifton performed audit fieldwork at IAF\'s\nheadquarters in Washington, D.C., from April 26, 2013 through August 6,2013.\n\nThe audit concluded that IAF implemented 71 of 85 tested security controls in support of\nFISMA. For example, IAF:\n\n\xe2\x80\xa2 \t Established adequate information technology security policies and procedures.\n\n\xe2\x80\xa2 \t Implemented an effective incident handling and response program.\n\n\xe2\x80\xa2 \t Maintained adequate control over physical access to facilities and the computer room.\n\n\xe2\x80\xa2 \t Established adequate processing procedures for bringing on new employees and for\n    employees leaving the organization.\n\nHowever, Clifton concluded that IAF\'s operations and assets might be at risk of misuse and\ndisruption. Therefore, the report made eight recommendations to help IAF strengthen its\ninformation security program. Although OIG acknowledged IAF\'s management decisions on\neach of those recommendations, it did not agree with IAF\'s management decision for four of\nthem. Therefore, OIG encouraged IAF to revise them to fully address the weaknesses identified\nin Clifton\'s audit report.\n\x0cu.s. Agency for International Development \n\n       Office of Inspector General \n\n      1300 Pennsylvania Avenue, NW \n\n          Washington, DC 20523 \n\n            Tel: 202-712-1150 \n\n            Fax: 202-216-3047 \n\n           http://oig.usaid.gov \n\n\x0c'